Created attachment 793234 [details]
Reproducer source code

Description of problem:
/usr/bin/id -G always reports the primary group as defined in /etc/passwd, even
when gid, egid and supplementary group list has been set to a different group.


Version-Release number of selected component (if applicable):
coreutils-8.4-19.el6.x86_64

How reproducible:
Always


Steps to Reproduce:
1. Create additional group:
   # groupadd -g 1010 group1010
2. Add user:
   # useradd user1
3. Make user member of additional group
   # gpasswd -a user1 group1010
4. Build and install reproducer:
   # gcc -Wall -o reproducer reproducer2.c
   # install -m4755 reproducer /usr/local/bin/reproducer
5.  Run reproducer which sets gid/egid to group1010 and calls exceve(2)
    to execute "id -G"


Actual results:
On RHEL-6.4:
# su - user1
$ /usr/local/bin/reproducer 
1010 501    <<---- Even when gid and egid have been set to 1010, the primary
                   gid as configured in /etc/passwd is reported while not
                   not being effective.


Expected results:
On RHEL-5.9:
# su - user1
$ /usr/local/bin/reproducer 
1010        <<---- Only the gid as set by reproducer is shown.


Additional info:
The reproducer calls execve(2) in stead of system(3) to avoid bash dropping
the privileges.

From coreutils-8.4/lib/mgetgroups.c in function mgetgroups():
~~~
  ng = (username
        ? getugroups (max_n_groups, g, username, gid)
        : getgroups (max_n_groups - (gid != (gid_t) -1),
                                g + (gid != (gid_t) -1)));

  if (ng < 0)
    {
      /* Failure is unexpected, but handle it anyway.  */
      int saved_errno = errno;
      free (g);
      errno = saved_errno;
      return -1;
    }

  if (!username && gid != (gid_t) -1)   <-- primary gid is always added to list
    {
      *g = gid;
      ng++;
    }
~~~